Social Icons

Sunday, September 29, 2013

BACKTRACK 5 R3 : dnsrecon

1.   Dnsrecon is another nice easy to use tool for pen testers for enumeration. The kinds of things dnsrecon can do are as follows:

    - Reverse Lookup against IP range
    - Perform general DNS query for NS,SOA and MX records
    - Cache snooping against Name Servers
    - Google Scanning for Sub Domains and Host

 2.   The command line usage and the few imp switch execution details are briefed here down :

   -h       --help                 Show this help message and exit
   -d       --domain            Domain to Target for enumeration.
   -c       --cidr                  CIDR for reverse look-up brute force (range/bitmask).
   -r       --range               IP Range for reverse look-up brute force
   -n      --name_server    Domain server to use, if none is given the SOA of the
                                      target will be used
   -D     --dictionary         Dictionary file of sub-domain and hostnames to use for
                                       brute force.
    -t     --type                  Specify the type of enumeration to perform:

Available through :
                           
Backtrack -> Information Gathering -> Network Analysis -> DNS Analysis -> dnsrecon

In this blog post,I  will be covering 3 enumeration techniques. These being:

    SRV records Enumeration
    Top Level Enumeration
    Standard Enumeration


(Click on image to Enlarge)

(Click on image to Enlarge)  
To perform an SRV records enumeration against a domain the following input command will be run:

Code:

./dnsrecon.py -t srv -d

As an example if we wanted to do this to certifiedhacker.com, our command would be as follows:

Code:
./dnsrecon.py -t srv -d google.com


(Click on image to Enlarge)


Top Level Enumeration

For performing a top level enumeration the following command will be used :

Code:
./dnsrecon.py -t tld -d

If the same command is run for google.com,the following command will be used

Code:
./dnsrecon.py -t tld -d google.com
 
(Click on image to Enlarge)

(Click on image to Enlarge)

and similarly,to perform an STD (standard) enumeration,the following command is used :

Code:

./dnsrecon.py -t std -d


Using Google as an example again, our command would be:

Code:

./dnsrecon.py -t std -d google.com

The result as seen below in a standard enumeration :

(Click on image to Enlarge)

(Click on image to Enlarge)
 

0 comments:

Post a Comment